
Application And Research On Data Mining In Database Intrusion Detection System

Posted on: 2008-07-04 | Degree: Master | Type: Thesis
Country: China | Candidate: P P Jiang
GTID: 2178360215458198 | Subject: Computer software and theory
Abstract/Summary:
The database management system (DBMS) is one of the three platforms of information systems, so its security is an important component of information security. Database intrusion detection is the final barrier protecting the database, but research on it is still in its infancy, and most detection methods are based on data mining technology. The author concentrates on improving the Apriori algorithm, a classical algorithm for mining association rules, and then applies it to a database intrusion detection system.

While the Apriori algorithm runs, a large number of useless itemsets whose support is 0 are generated. This is caused by linking two datasets without considering mutually-exclusive attributes. Accordingly, the author proposes the concept of the mutually-exclusive attribute and divides it into two kinds: the obviously mutually-exclusive attribute and the implicitly mutually-exclusive attribute. An improved preprocessing algorithm is proposed for obviously mutually-exclusive attributes: during the transformation of the datasets, the obviously mutually-exclusive attributes are marked, and linking them can then be avoided according to the marks. The Apriori algorithm itself is improved to deal with implicitly mutually-exclusive attributes by judging whether two attributes are mutually exclusive before linking two itemsets. By skipping the connection operation for mutually-exclusive attributes, the number of k-itemsets is reduced, which saves time in mining frequent itemsets.

With the two improved algorithms, the author designs a self-adaptive model of a database intrusion detection system. To address the limitations in producing misuse detection rules, the intermediate results of the improved Apriori algorithm are used to complete the library of misuse detection rules. Considering the characteristics of misuse detection and anomaly detection, misuse detection is executed before anomaly detection to make detection more accurate. According to the detection results, the rule library should be updated continually to improve the self-adaptation of the system.
Keywords/Search Tags: database intrusion detection, data mining, Apriori algorithm, mutually-exclusive attribute
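
The effect described in the abstract, skipping the link of mutually-exclusive items so that zero-support candidates are never counted, can be seen in a small added example (not code from the thesis). It assumes that two items are mutually exclusive when they are different values of the same attribute; the audit records, the `exclusive` test and the function names are constructed for illustration, and the thesis's marking and preprocessing steps are not reproduced.

```python
from itertools import combinations

# Constructed audit records: one set of (attribute, value) items per statement.
RECORDS = [
    {("user", "app"), ("op", "SELECT"), ("table", "orders")},
    {("user", "app"), ("op", "SELECT"), ("table", "orders")},
    {("user", "app"), ("op", "UPDATE"), ("table", "orders")},
    {("user", "dba"), ("op", "SELECT"), ("table", "users")},
    {("user", "dba"), ("op", "DELETE"), ("table", "users")},
    {("user", "app"), ("op", "SELECT"), ("table", "users")},
]

def exclusive(x, y):
    # Assumption: two different values of one attribute never co-occur.
    return x[0] == y[0] and x[1] != y[1]

def support(itemset, records):
    return sum(1 for r in records if itemset <= r)

def apriori(records, min_support, skip_exclusive):
    """Return (frequent itemsets -> support, joined candidates counted)."""
    items = {i for r in records for i in r}
    level = [frozenset([i]) for i in items
             if support({i}, records) >= min_support]
    frequent = {s: support(s, records) for s in level}
    counted, k = 0, 2
    while level:
        candidates = set()
        for a, b in combinations(level, 2):
            union = a | b
            if len(union) != k:
                continue
            (x,), (y,) = a - b, b - a   # the one item each side contributes
            if skip_exclusive and exclusive(x, y):
                continue                # link skipped: support would be 0
            if all(frozenset(s) in frequent
                   for s in combinations(union, k - 1)):
                candidates.add(union)
        counted += len(candidates)      # each candidate costs a support scan
        level = [c for c in candidates if support(c, records) >= min_support]
        frequent.update((c, support(c, records)) for c in level)
        k += 1
    return frequent, counted

if __name__ == "__main__":
    plain, n_plain = apriori(RECORDS, 2, skip_exclusive=False)
    pruned, n_pruned = apriori(RECORDS, 2, skip_exclusive=True)
    print(n_plain, n_pruned, plain == pruned)
```

Both runs return the same frequent itemsets; only the number of candidates whose support has to be counted differs.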